SSHowDowN Flaw

Akamai found a way in which hackers can exploit a particular weakness in OpenSSH (CVE-2004-1653). Millions of internet-connected devices use crypto. An attacker can use these flaws to take over these devices, then combine their power into a single attack, like a botnet.

This particular hack has a name: SSHowDowN. Akamai says that 11 of its customers have been targets, coming from industries like financial services, retail, hospitality, and gaming.

Types of Vulnerable Devices

CCTV, NVR, DVR

Satellite TV Equipment

Networking devices like routers, hotspots, WiMax, ADSL modems

Network Attached Storage devices


Types of Attacks

Attacks against any internet target or internet-facing service, such as HTTP and SMTP, as well as network scanning

Attacks against internal systems that host these devices

Akamai’s Threat Research team found that hackers used unauthorized SSH tunnels. IoT devices are hardened and don’t allow the default web interface user to use SSH. However, SSHowDowN bypasses this.

SSH, or Secure Shell, is usually used for remote system access. But most IoT companies either don’t use it or don’t use best practices when setting it up. As the Internet of Things gets bigger, so does the spread of critical flaws such as SSHowDowN.

“This is something we’ve known about for a dozen years... it should not be happening... these products have to be thought through and protected before they get into the home.”

In one example, Akamai found that hackers used an admin account to authorize an SSH tunnel to a network video recorder. Then they used the recorder to send malicious traffic. This hides the real source of the attack.
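
For defenders checking whether a device's SSH daemon would permit the kind of tunnel described above, here is an added example (not from Akamai's report or from this article) that audits sshd_config text for the TCP forwarding setting behind CVE-2004-1653. The function names and sample configs are constructed for illustration; it reads only the global section and does not follow Include files.

```python
# Added example: check sshd_config text for globally enabled TCP forwarding.
FORWARDING_ON = {"yes", "all", "local", "remote"}

def global_settings(config_text):
    """Map each global sshd keyword (lowercased) to its effective value.

    sshd keeps the first value it reads for a keyword and treats keywords
    case-insensitively. Parsing stops at the first Match line because
    everything after it applies only to matching connections.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) > 1:
            settings.setdefault(key, parts[1].lower())
    return settings

def audit_forwarding(config_text):
    """Return findings; an empty list means forwarding is off globally."""
    s = global_settings(config_text)
    findings = []
    # OpenSSH defaults to "yes" when the keyword is absent.
    value = s.get("allowtcpforwarding", "yes")
    if value in FORWARDING_ON:
        origin = "explicit" if "allowtcpforwarding" in s else "default"
        findings.append(f"AllowTcpForwarding={value} ({origin})")
    if s.get("gatewayports", "no") != "no":
        findings.append(f"GatewayPorts={s['gatewayports']}")
    return findings

# Constructed sample configs (not taken from any real device).
SAMPLES = {
    "no keyword": "Port 22\nPermitRootLogin yes\n",
    "late override": "AllowTcpForwarding yes\nAllowTcpForwarding no\n",
    "match only": "Port 22\nMatch User admin\n  AllowTcpForwarding no\n",
    "hardened": "# constructed\nallowtcpforwarding no\nGatewayPorts no\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_forwarding(text) or 'ok'}")
```

The "late override" and "match only" samples are flagged because a later or conditional `AllowTcpForwarding no` does not change the global value sshd already took.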